Guardians of the (Compliance) Galaxy: Lessons from SEC and ...

5

Brian L. Rubin is the Washington office leader of the Eversheds Sutherland (US) Litigation group and the head of the firm's Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA) and state securities enforcement practice.*

Guardians of the (Compliance) Galaxy: Lessons from SEC and FINRA Enforcement Actions Against Compliance Officers (December 2017 to September 2018)

By Brian L. Rubin, Sarah Sallis and Amber Unwala

Sarah Razaq Sallis advises broker-dealers, investment advisers, investment companies, financial institutions and public companies in private litigation and arbitration matters, as well as examinations, internal investigations and prosecutions by the Financial Industry Regulatory Authority (FINRA), the U.S. Securities and Exchange Commission (SEC), and state securities regulators for Eversheds Sutherland.

"Why Are We Obsessed With Superhero Movies?" ? The New York Times1

We are living in Hollywood's Comic Book Age. A global obsession, superhero movies are seen by hundreds of millions, arguably the most consumed stories in human history. . . . So when historians look back at this glut of superhero flicks, what will they say about us?

"Why the Marvel movies have surpassed `Star Wars' in this nerd's heart" ? USA Today2

It's hard to pinpoint -- perhaps it was the Guardians of the Galaxy dance-fighting to save the cosmos, or Black Panther and the Wakandans rocking our collective world -- when Marvel surpassed Star Wars as Hollywood's best film franchise.

Amber S. Unwala focuses on an array of business and commercial litigation matters, including financial services and securities litigation and enforcement matters involving the US Securities and Exchange Commission (SEC) for Eversheds Sutherland. Her work also includes counseling clients on internal investigations and white collar litigation matters.

Introduction

While the heroes of previous generations of moviegoers included Will Kane in the `50s, Atticus Finch in the `60s, Rocky Balboa in the `70s, Indiana Jones in the `80s, Clarice Starling in the `90s, and Erin Brockovich in the 2000s,3 today's fans are interested in a far different kind of hero. They want to watch and admire people who are Hardworking like Diana (Wonder Woman), Energetic like Jay Garrick (the Flash), Responsible like Peter Parker (Spiderman), Organized like Charles Francis Xavier (Professor X), Erudite like Anthony Edward "Tony" Stark (Iron Man), and a Self-starter

?2018, Brian L. Rubin, Sarah R. Sallis and Amber S. Unwala

6

Practical Compliance & Risk Management For the Securities Industry | November?December 2018

like Bruce Wayne (Batman).4 ("HEROES," get it?) In other words, people like (drumroll please) chief compliance officers or CCOs.

The official tagline for the movie Guardians of the Galaxy is, "All heroes must start somewhere."5 That statement is true not only for movie superheroes, but also for our real-life CCO superheroes. These men and women may not wear magic capes, don futuristic armor, or waive supernatural hammers, but they do serve as generals in a firm's army of compliance professionals (even if they are an army of one). These everyday superheroes carry a heavy burden: protecting their firms from regulatory mayhem. In doing so, they take on the risk that their own personal actions (or inactions), no matter how heroic, will be highly scrutinized by the regulators.

This article, one in a series,6 analyzes SEC and FINRA enforcement cases from December 2017 to September 2018 brought against compliance officers who lost their moral compass (or perhaps ran into Kryptonite). As you'll see (although not in IMAX or 70 mm), the cases and the accompanying analysis provide insights and (hopefully) a bit of heroic comic relief regarding conduct that prevented compliance officers from achieving their true superhero greatness.

Failure to Adopt Adequate Supervisory Systems

Spiderman

"[I]n this world, with great power there must also come--great responsibility." ? Benjamin Parker (Uncle Ben)7

Chief compliance officers play an integral role in combatting the forces of evil (while at the same time maintaining a safe and sound compliance and supervisory system and helping to ensure that firms continue to stay in business and thrive). Given the regulatory requirements, as well as the CCO's position within firm, it is usually the CCO who controls the firm's policies, procedures, and overall compliance structure. And with that control comes--you guessed it--great responsibility.

To help ensure that firms don't completely disengage their regulatory defenses, FINRA requires broker-dealers (BDs) to establish and maintain adequate supervisory systems that are

"reasonably designed to achieve compliance" with the applicable laws, regulations and rules, and to establish written supervisory procedures (WSPs) that are designed to supervise the business activities of firms.8 FINRA also requires that a firm's supervisory system be "tailored specifically to the member's business."9 Additionally, FINRA rules require the designation of at least one CCO, who serves as the primary advisor to the member on its overall compliance scheme and rules, policies and procedures.10 Investment advisers (IAs) are required to adopt and implement written policies and procedures reasonably designed to prevent violations of applicable laws, regulations and rules.11 Investment advisers must also "[d]esignate an individual (who is a supervised person) responsible for administering the policies and procedures" that the IA adopts.12

When heroes turn unheroic, regulators sometimes hammer them with the strength of Thor (or something close to that). For example, in December 2017, a FINRA hearing panel barred a CCO for various misdeeds, among them failing to update the firm's procedures to reflect restrictions that FINRA had imposed upon an individual as part of interim FINRA Continuing Membership Application restrictions.13 The CCO was sanctioned because the Hearing Panel found that the CCO was the only individual at the firm with authority to revise the WSPs.

In July 2018, the National Adjudicatory Council (NAC) found that a BD CCO failed to establish and maintain supervisory systems and WSPs that were tailored to the firm's microcap liquidation business.14 In June 2017, the Hearing Panel suspended the CCO for two years and ordered a fine of $50,000, and on appeal, the NAC affirmed. The firm's May 2013 WSPs required that the CCO be responsible for establishing procedures reasonably designed to ensure that a stock certificate was correctly issued and owned by the customer. It also required the CCO to establish procedures that ensure that a resale of a security was "made in reasonable reliance on an exemption from registration," specifying that the CCO was responsible for "developing and implementing policies and procedures that provide for the review, approval and resale of rule 144 transactions."

The CCO argued on appeal that he had no responsibilities for the WSPs for Rule 144 transactions because the policies did not reflect the firm's practice. He also argued that the May 2014 WSPs

Guardians of the (Compliance) Galaxy

7

stated that the General Principal was responsible for the Rule 144 policies and procedures, and the WSPs defined General Principal as the "Management Committee." The May 2014 WSPs listed four individuals as the Management Committee, including the CCO. The Committee was disbanded in May and June 2014, but the CCO had not transferred his responsibility. The NAC found that once he became CCO, he had the authority and responsibility under the WSPs to update them with the firm's assignment of responsibilities, and he failed to do so. He also did not name another principal as being responsible for maintaining the WSPs for the Rule 144 transactions.

The NAC also found that the CCO failed to maintain a supervisory system and adequate WSPs related to the firm's microcap liquidation business because he failed to implement policies for the review, approval, and resale of Rule 144 transactions. The CCO failed to tailor the policies and address the associated risks with the firm's primary business function, which was the deposit and liquidation of microcap securities. The NAC accordingly suspended the CCO from associating with any FINRA member firm for two years and fined him $50,000. The NAC noted that the violations were egregious and that the CCO "demonstrated failure to appreciate the extent and seriousness of the responsibilities he took on," which warranted "significant sanctions in excess of the Guidelines recommended range."

Takeaway: You don't need an infinity stone to know that regulators may impose sanctions on CCOs who fail to follow, develop, and update their firms' procedures. This is especially important where the regulator has imposed restrictions on the firm, or where the firm employs individuals who are subject to plans of heightened supervision that compliance officers must draft (e.g., statutorily disqualified individuals, individuals with a history of customer complaints, etc.).15

Insufficient Disclosures

Captain America: Civil War

"Okay, anybody on our side hiding any shocking and fantastic abilities they'd like to disclose?" ? Iron Man16

Disclosures are important not only for superheroes. They are also important for firms trying to

ensure that they aren't making misrepresentations or omitting to state material facts. At times, compliance officers play a role in their firms' disclosures, including those related to conflicts of interest. (It goes without saying that superheroes are always addressing conflicts of interest, whether it's regarding using their superpowers or showing restraint or disclosing their secrets or remaining incognito.)

This article, one in a series,

analyzes SEC and FINRA

enforcement cases from December

2017 to September 2018 brought

against compliance officers who

lost their moral compass (or

perhaps ran into Kryptonite).

Chief compliance officers may be found liable in connection with their firms' inaccurate disclosures. For example, in April 2018, the SEC accepted an offer of settlement from an individual who played many roles at his firm, including acting as CCO.17 In that capacity, he signed and filed Forms ADV, falsely representing that his firm had the requisite assets under management to register as an IA, which requires a certain amount of assets under management (AUM). In January 2005, the CCO filed an initial Form ADV representing that the firm would be eligible for SEC registration within 120 days. Four months later, the CCO filed a supplemental Form ADV falsely representing that the firm had AUM of $25 million or more. The CCO repeated the same representations over the course of five years, later falsely stating that the AUM was more than $100 million. In reality, the firm did not have the requisite AUM to register as an investment adviser. The SEC charged the CCO and the firm with violating Sections 203A and 207 of the Advisers Act, ordered the CCO to pay a civil money penalty of $20,000, and barred him from the industry for a year.

Takeaway: Chief compliance officers may be sanctioned if they fail to file complete and accurate disclosures. No matter the regulator, failure

8

Practical Compliance & Risk Management For the Securities Industry | November?December 2018

to disclose conflicts may lead to a less than Marvel-ous outcome for CCOs and firms alike.

Policies and Procedures Related to Performance

Avengers: Infinity War

"I went forward in time to see all the possible outcomes of the present situation." ? Dr. Strange18

Like Dr. Strange, when regulators are evaluating statements, they do so with the futuristic benefit of 20-20 hindsight. Thus, they have no need for Clark Kent's glasses or Superman's x-ray vision. Instead, if a statement is too good to believe after-the-fact, they may investigate the basis for that statement, which could result in an enforcement action.

Regulators often bring cases against firms or representatives for making misleading statements or omitting to state material facts. Sometimes, compliance officers get implicated for their firms' statements. For example, in April 2018, through a settled action, the SEC alleged that an individual who was president, CCO, and an 80% owner of an investment adviser caused his firm to make willful fraudulent statements in advertisements, written materials, presentations, seminars, websites, radio shows, and weekly updates delivered to clients regarding the firm's hypothetical algorithmic trading activity.19

As CCO, the individual was responsible for the firm's policies and procedures. The SEC alleged that the firm failed to adopt and implement policies and procedures reasonably designed to prevent violations of the Advisers Act in connection with its advertisements. The firm advertised performance without disclosing that the returns were hypothetical, back-tested performance results. In other words, the firm went forward and backward in time to paint a rosier picture of the model's performance. (Now if that isn't a Doctor Strange move, we don't know what is.) Unfortunately, the CCO did not use his time traveling powers for good (unlike, say, in the Back to the Future movies, which involved no actual superheroes). The SEC permanently barred the CCO and assessed a $75,000 penalty against him.

Takeaway: Chief compliance officers may be held liable for failing to implement appropriate

policies and procedures in many different areas, including in connection with performance statements.

Anti-Money Laundering

Guardians of the Galaxy

"Groot: I am Groot."

"Rocket Raccoon: Asleep for the danger, awake for the money, as per frickin' usual."20

Groot may not be CCO material but staying awake for the money is one important prerequisite for an anti-money laundering compliance officer (AMLCO). Of course, there are others, as demonstrated by the cases below.

In May 2018, through an Offer of Settlement, the SEC alleged that a BD's CCO, who also served as the firm's AML officer, failed to file Suspicious Activity Reports (SARs) and ignored AML due diligence responsibilities related to certain fraudulent penny stock transactions.21 Specifically, seven customers sold more than 12.5 billion shares of penny stocks, often in large volumes, and each conducted at least one transaction where the sale was more than 50% of the sales volume during the single trading day. Four of the seven customers had at least one transaction where the sales exceeded 70% of the sales volume. Under the firm's AML program, the CCO/ AMLCO had the responsibility to file the SARs. The SEC found that he should have looked for patterns of suspicious activity and flagged potentially problematic transactions. Due to his failures, he was barred from the industry for three years, barred from participating in any offering of penny stocks, and ordered to pay a penalty of $15,000.

In July 2018, the SEC accepted an Offer of Settlement submitted by the AMLCO of a dually registered BD/IA for failures to file SARs on hundreds of suspicious transactions involving low-priced securities.22 Firm customers transacted low-priced securities through the firm, but the shares were custodied at another firm. The SEC found that the AMLCO failed to review flagged transactions for potential market manipulation. Specifically, the AMLCO failed to file SARs where the customers: (i) sold large numbers of lowpriced securities comprising large percentages

Guardians of the (Compliance) Galaxy

9

of issuers' daily trading volume and outstanding float; (ii) traded shares of issuers that changed names and business lines; (iii) sold large shares of low-priced securities during periods of increases in price and volume; and (iv) traded in shares of issuers with little or no market activity. This activity caused the clearing firm to issue alerts to the AMLCO. However, despite the alerts, the AMLCO failed to file SARs and failed to produce any written analysis or otherwise demonstrate that he had considered filing SARs for these transactions. The SEC ordered the AMLCO to pay a civil penalty of $20,000.

Takeaway: Anti-money laundering compliance officers may be sanctioned if they fail to identify red flags and file appropriate SARs. Where suspicious transactions are flagged, AMLCOs may need to provide analyses or demonstrate that they considered filing SARs.

Failure to Follow Written Supervisory Procedures

Be a Bathroom Superhero (book for parents and children) (found after much googling)

"Be a Bathroom Superhero ? Teaching bathroom rules and procedures"23

While some superheroes (apparently) need to learn bathroom rules and procedures, some of them (presumably) have already learned how to follow mandates when their superhero qualities come out. (Or at least they don't make movies about the "learning the bathroom" years.)

Compliance officers also need to learn how to follow the rules, particularly rules set forth in written supervisory procedures (WSPs). And, if they don't, their careers might be flushed down the toilet. (Sorry about that.) The abovereferenced July 2018 Offer of Settlement provides an example.24 The SEC alleged that the AMLCO failed to follow WSPs related to reporting known or suspected violations of AML policies and other suspected violations or crimes. The firm's WSPs expressly identified transactions that could warrant a SAR filing. For example, the WSPs identified specific red flags for trading in low-priced securities, trading that constituted a substantial portion of trading for the day in a particular security, sudden spikes in investor demand and a rising price in thinly traded or low-priced

securities, or various other forms of suspicious transactions. The WSPs expressly tasked the AMLCO as being responsible for deciding whether the firm needed to file a SAR. However, the SEC alleged that, although the AMLCO became aware of transactions that were specifically red-flagged

Chief compliance officers play an integral role in combatting the forces of evil (while at the same time maintaining a safe and sound compliance and supervisory system and helping to ensure that firms continue to stay in business and thrive).

in the WSPs and he was alerted by clearing firms that certain transactions appeared suspicious, he failed to provide any written analysis or demonstrate that he had considered filing SARs for these types of transactions. The SEC ordered the AMLCO to pay a civil penalty of $20,000 due to his failure to follow the WSPs related to SARs.

Takeaway: Anti-money laundering compliance officers (and other compliance officers) may be sanctioned for failing to follow WSPs. This is an issue where the WSPs specifically outline tasks that must be taken when certain conduct arises.

Custody Rule

The Dark Knight

"Batman/Bruce Wayne: What did you do?"

"Joker: I took Gotham's white knight and I brought him down to our level. It wasn't hard. You see, madness, as you know, is like gravity. All it takes is a little push! [the Joker laughs hysterically as Batman races off and the cops come to take the Joker into custody]."25

The SEC's custody rule is Rule 206(4)-2 of the Advisers Act.26 It is a very important rule, although

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download